Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
MonkeyShell: using XML-RPC for access to a remote shell
From: Abe Usher (securitylistSHARP-IDEAS.NET)
Date: Sun Oct 10 2004 - 21:38:50 CDT
Security pundits have been warning about the dangers implicit with Web
services for years. A good starting point for understanding the security
issues related to Web services can be found at:
Of course to really understand the security risks posed by Web services,
you need to understand the basics of Web services. Enter an application
I wrote called "Monkey Shell."
MonkeyShell is a simple open source Python application that uses
extensible markup language remote procedure calls (XML-RPC) to execute
commands through a remote system shell.
I kept the code terse (less than 100 lines total) so that it can be
studied easily. It is similar to netcat except instead of "shell
shoveling" data through a raw TCP connection, it wraps data in XML and
transports it over HTTP.
MonkeyShell is freely available at:
Abe Usher, CISSP
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.